Category Archives: Linux Security

Years ago back in the day as they say I was constantly on IRC! I was told try Linux to run several services! That is what got me into to linux. I want to say around 1998! I am sure it was 98! Anyways I started off with Slackware. It might have been Slackware 6! That is what sticks out in the the mind… I setup a shell server today for a customer on CentOS5 64 bit. It is really simple. You just install gcc, screen, glibc, automake, autoconf, oidentd, BitchX and some other packages if needed. Then lock the server down so that shell users can only use what you want them to. Remove unneeded packages. Install a firewall and brute force detection. You might also install malware detection and rootkit detection. Here is a quick and easy setup for a centos5 shell box.

Install CentOS make sure to unselect everything but the base install make sure to customize packages and select nothing but the BASE INSTALL. I cannot count how many times people have told me it needs the SECOND CD! NO it does not if you unselect everything but the base install. You have to choose customize when selecting packages….

After you have CentOS installed update the system with yum.
yum -y update

I also install ncftp as it is an easy to use command line ftp client.
wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/x86_64/RPMS/ncftp-3.2.0-3.el5.kb.x86_64.rpm
rpm -Uvh ncftp-3.2.0-3.el5.kb.x86_64.rpm

Save the file
In vi hit esc then :wq to save the file
service apf restart to restart the firewall
or /etc/init.d/apf restart

Install BFD
Extract it
tar xvzf bfd-current.tar.gz
Go into the extracted directory
cd bfd-1.4
Install BFD
sh install.sh
You can edit the conf file but it is ready to go out of the box you dont have to edit it.
vi /usr/local/bfd/conf.bfd
You might want to set it up to email the root user when the server is brute force attacked.

After that install some kind of malware and rootkit detection the two I used today are Linux Malware Detect and chkrootkit.

Technology platforms in the post-millennial era are heavily characterized by their use of automation and optimization techniques. As we increasingly analyze our software in order to quantify and qualify what applications and data workloads work well in situation A, we can start to automate an element of other software deployments with managed optimized controls in […]

This blog post looks at the most important control plane components of a single Kubernetes master node — etcd, the API server, the scheduler and the controller manager — and explains how they work together. Although other components, such as DNS and the dashboard, come into play in a production environment, the focus here is […]

To successfully deal with open source security, you need your developers (and DevOps teams) to operate the solution. Given the fast pace of modern development, boosted in part by the use of open source itself, an outnumbered security team will never be able to keep you secure. Therefore, the SCA solution you choose must be designed for […]

Names set expectations. Your project's name should showcase its functionality in the ecosystem and explain to users what your story is. In the crowded open source software world, it's important not to get entangled with other projects out there. Taking a little extra time now, before sending out that big announcement, will pay off later. […]

According to the GitHub’s announcement of its findings, the company looked at three different types of activity. It identified the top 100 projects that had at least 2,000 contributors in 2016 and experienced the largest increase in contributors in 2017. It also identified the top 100 projects that received the largest increase in visits to the […]